Vault Enterprise uses Sentinel
to augment the built-in policy system to provide Role Governing Policies (RGPs)
and Endpoint Governing Policies (EGPs) to enable complex, flexible policies
across identities and endpoints.

Role Governing Policies (RGPs) are Sentinel policies that are tied to
particular tokens, Identity entities, or Identity groups. They have access to
a rich set of controls across various aspects of Vault. These are evaluated
whenever a token they're attached to is used.

Endpoint Governing Policies (EGPs) are Sentinel policies that are tied to
particular paths instead of tokens. They have access to as much request
information as possible, but they can take effect even on unauthenticated
paths, such as login paths.

The Vault integration with Sentinel is documented in depth in the
Vault Enterprise documentation.
Please read that page for full documentation. This page will only show
basic examples.